1. You received a call from a patient today whose identity has been stolen. he blames your facility for the breach. You have researched his complaint and do not find any indication that there has been a breach of the patient's data. You decide to call your business associates to see what they find. The coding consultant company admit that they had a security breach several months ago, and patient information was accessed. This patient information included social security numbers. The company had not notified you of their breach as per the business associate agreement.

1a . Identify the privacy and security violations that have occurred.

1b. What privacy and security recommendations will you give the coding company?

2. Release of Information Staff Privacy and Privacy Rule Training Test

The staff of the release of information (ROI) section frequently receive patient questions regarding the Notice of Privacy Practices and other privacy rulerelated issues. The staff must be well-versed in-patient rights and ROI regulations to answer these patients questions.

The department supervisor has just developed a list of questions that will be used in training new ROI staff. The plan is to review each of the situations provided and have the new employee take a test. He or she will be instructed to place an X beside the situations that violate privacy regulations.

Create an answer key for each of the questions presented in the new employee quiz shown below and explain your decision about what the correct answer was.

ROI Staff Privacy and HIPAA Training Quiz

Instructions: Place an X beside each of the following situations that violate HIPAA requirements.

______a. Marjorie just processed a request for protected health information (PHI). It was dated 60 days ago.

______b. Mark, a HIM clerk, denied a request by Sarah, a patient, to obtain a copy of her pathology report from a hysterectomy

______c. The authorization does not have a Social Security number on it, so the HIM coordinator returned it stating that it does not meet HIPAA requirements.

______d. Natalie just requested a list of people who have reviewed her record. This is her second request of the year. The hospital is charging her $250.00.

______e. Bob just refused to sign the Notice of Privacy Practice, but the hospital treated him anyway.

_____f. The patient has requested that any calls be made to her cellular number rather than her home number and that any mail should be sent to a post office box rather than her home address.

_____g. The hospital received a request to amend a patient record. It reviewed the request and denied the request as the error was in a copy of a report from another healthcare facility.

_____h. The request for an amendment of the health record was processed in 28 days.

______i. The Notice of Privacy Practices gives an example of treatment, payment, and healthcare operations.

______j. The hospital received request to amend a patient record. It returned the request to the patient stating that the patient does not have the right to request an amendment.